Security Advisory to Exploit - A Hands-On Approach with WooCommerce Plugins
Recently we wanted to practice writing exploits for web applications from vulnerability advisories or descriptions. For this we planned to exploit some WordPress plugins. We decided to look into WooCommerce plugins. WooCommerce is an e-commerce plugin for WordPress with a large number of active installs (>5 million); practising on WooCommerce thus offers a "real world" scenario, since webshops are an attractive target. Also, setting up a WooCommerce webshop in Docker is not too hard and there is a great variety of plugins, which provides the opportunity to explore different security vulnerabilities. Keep in mind that the following was for learning purposes; do not expect to find vulnerabilities in new or up-to-date plugins. These issues are all patched by now. That is why we created an environment which allows you to easily test your own exploits for these vulnerabilities and downloads the correct vulnerable versions for you.
OSCP Tools & Resources
Since I recently passed my OSCP and have read a lot of OSCP blogs in the process, I thought I would share some information and tips as well. Due to the sheer amount of existing blog posts that all cover the exam perfectly, I do not want to add another one telling you how to manage your time or structure the exam. Instead I will supply you with some resources I have used myself that might be of help for you as well. At this point I wanna say thanks to all the people contributing resources to the community in their spare time :-)
Breaking Simple Captchas with Tesseract OCR and OpenCV in Python
In this blog post I will outline the general approach to solving simple captchas, how to remove basic kinds of noise from an image, and finally how you can speed up and improve the accuracy of the Tesseract OCR framework when used from Python. The task I tried to solve was recognising 100 of the captchas shown below in under 30 seconds.
Timing Attacks using Machine Learning
Most timing attacks fail because the timing differences are too small and the noise is too big.
Naive statistical measures like mean, median or percentile neglect the inner structure of the data and perform poorly in difficult cases. In this article we will analyze and model timing attacks, enabling us to apply machine learning techniques and power up timing attacks as we knew them.
[packetwars 2019] Writeup 'Fun with Finite Fields'
Heidelberg, Germany: after a lovely day in March at the TROOPERS Conference 2019 I find myself in a traditional German restaurant. It's cold, it's loud, the food is 6/10, I'm sober, and Parzel and I are waiting for Packetwars to start.
[packetwars 2019] Writeup 'CVE launcher'
Speed up your binary exploits! An introduction to gef and pwntools
Recently I was at an awesome security conference in Heidelberg called Troopers. During this event there was a two-hour CTF that consisted of two different stages. The first stage was getting an initial foothold into a system, while the second stage was to pivot to other machines in the hosted network. These other machines were running different services, and I was working on a service called CVE launcher (you can get it here; I also made a writeup here). CVE launcher was a binary that was vulnerable to heap overflows due to several integer overflows. Because I was not able to finish my exploit during the game time, I decided that I wanted to speed up my exploit development. In this blog post I will explain how I was able to speed up my workflow and hopefully give you some ideas for faster exploit development as well.